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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

Responsive to communication(s) filed on 06 January 2000 . 
2a)Q This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-16 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1.3-6,9-11 and 13-16 is/are rejected. 

7) [3 Claim(s) 2.7.8 and 12 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

1 3) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment(s) 

1) □ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) Paper No(s). . 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) Q Notice of Informal Patent Application (PTO-152) 

3) □ Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) O Other: 
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DETAILED ACTION 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

Claims 1-16 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
6,378,072 granted to Collins et al. 

Regarding claim 1, Collins meets the claims limitations as follows: 
"A method for initializing operation of an information security operation for an entity, 
comprising the steps of: 

storing at least one of: entity identification data and a function of entity 
identification data and storing associated shared authentication data; 

storing inquiry data to facilitate entry of shared authentication data for 
initialization; 

retrieving the stored inquiry data for presentation based on received entity 



identification data; 
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receiving shared authentication data in response to the presented inquiry data; 
comparing received shared authentication data with the stored shared authentication 
data; and 

determining whether to initialize operation of the information security operation 
based on the comparison." see column 2, line 48 to column 3, line 13 and column 8, line 
12 to 11, line 23. 

Regarding claim 3, Collins meets the claims limitations as follows: 
The method of claim 1 including the steps of: storing data representing a function of the 
entity identification data and storing shared authentication type data; subsequently 
generating data representing a function of the received entity identification data; 

obtaining the stored shared authentication type data based on the subsequently 
generated data representing a function of the received entity identification data; and 
selecting, under control of a processing unit, stored inquiry data for presentation to a* 
user, based on the obtained stored shared authentication type data." see column 2, line 
48 to column 3, line 13 and column 8, line 12 to 11, line 23. ' 

Regarding claim 4, Collins meets the claims limitations as follows: 
"The method of claim 1 wherein the step of initializing the operation of the information 
security operation includes the use of a PAKE or other appropriate protocol." see 
column 6, lines 5-18. 

Regarding claim 5, Collins meets the claims limitations as follows: 

The method of claim 1 wherein the step of determining whether to initialize the 
operation of the information security operation includes repeating the steps o£ retrieving 



Application/Control Number: 09/478,254 Page 4 

Art Unit: 2134 

stored inquiry data for presentation based on received entity identification data; 
receiving shared authentication data in response to the presented inquiry data and 
combining with previously received authentication data; comparing received shared 
authentication data with the stored shared authentication data; and determining whether 
to initialize operation of the information security operation based on the comparison." 
see column 2, line 48 to column 3, line 1 3 and column 8, line 1 2 to 1 1 , line 23. 

Regarding claim 6, Collins meets the claims limitations as follows: 
"A method for initializing operation of an information security operation for an 
entity, comprising the steps of: 

storing, by a first processor, at least one of entity identification data and a 
function of entity identification data and storing associated shared authentication data; 

storing, by a second processor, inquiry data to facilitate entry of shared 
authentication data for initialization; 

retrieving, by the second processor, the stored inquiry data for presentation 
based on received entity identification data; receiving, by a third processor, shared 
authentication data in response to the presented inquiry data; 

comparing received shared authentication data with the stored shared 
authentication data; and determining whether to initialize operation of the information 
security operation based on the comparison." see column 2, line 48 to column 3, line 13 
and column 8, line 12 to 1 1 , line 23. 

Regarding claim 9, Collins meets the claims limitations as follows: 
"The method of claim 6 wherein the step of initializing the operation of the 
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information security operation includes the use of a PAKE or other appropriate 
protocol." see column 6, lines 5-18. 

Regarding claim 10, Collins meets the claims limitations as follows: 
"The method of claim 6 wherein the step of determining whether to initialize the 
operation of the information security operation includes repeating the steps of: retrieving 
stored inquiry data for presentation based on received entity identification data; 
receiving shared authentication data in response to the presented inquiry data and 
combining with previously received authentication data; comparing received shared 
authentication data with the stored shared authentication data; and determining whether 
to initialize operation of the information security operation based on the comparison." 
see column 2, line 48 to column 3, line 1 3 and column 8, line 1 2 to 1 1 , line 23. 
Claims 11, 13, 15 and 16 are system claims that are substantially equivalent to method 
claims 1 , 3, 4 and 5. Therefore claims 1 1 , 13, 15, and 16 are rejected by a similar 
rationale. 

Allowable Subject Matter 

Claims 2, 7, 8, 12 and 14 objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

The following is a statement of reasons for the indication of allowable subject matter: 

With respect to claims 2, 7,8 and 12, the cited prior art fails to specifically teach 
wherein the step of storing inquiry data includes storing at least one of: a plurality of 
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forms containing questions wherein different forms are stored for different types of 
shared authentication data and are selectable through a user interface, and a plurality of 
questions indexed based on at least type of shared authentication data that are 
automatically selected for presentation based on received entity identification data. 

With respect to claim 14, the cited prior art fails to specifically teach wherein the 
second processor includes a request generator and a question generator and wherein 
the entity includes a graphic user interface for presenting questions received from the 
second processor. 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

A. Chari (6,038,319) discloses a method for executing applications using a 
credential consisting of a producer identification number and the application ID for each 
grantor. 

B. Jablon (6,226,383) discloses a method for mutually authenticating two entities 
over a network. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew B Smithers whose telephone number is (703) 
308-9293. The examiner can normally be reached on Monday-Friday (9:00-5:30) EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (703) 308-4789. The fax phone 
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number for the organization where this application or proceeding is assigned is (703) 
872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 



Matthew B Smithers 
Primary Examiner 
Art Unit 21 34 




